I added this to my network with the intention on using it as a switch not a router. I just needed the ability to do 10gbit between my UNRAID and Desktop. But if it’s fast enough to handle the routing that would be great. I was about to replace my home router with a PFSense setup I built but if this can handle it I’d rather just learn how to set it up and use it instead. I learned how to use PFSense I can probably learn this.
Right now my internet is 1000/50 and I don’t use any VPN but have a lot of devices on the network and (3) Wifi6 APs that are Ethernet back hauled so I’ll have to plug another hub/switch into it as well.
Here you may find the tests: https://mikrotik.com/product/crs305_1g_4s_in#fndtn-testresults
For 25 firewall rules with 512k packets, it says ~270Mbps. This value could be considered as real life performance. You might squeeze out more, but only by avoiding features like queuing, not using ipv6, etc..
For a 1G Internet uplink I would use as an optimum an rb5009 or a HAPax, HAPac or at least a HEXs. Depending on the budget and the used features.Ah and also the availability of the devices themselves.
The CPU on the CRS305 is not fast enough to have a 1G internet, the hAP ac also is weak for that, my recomendation is a hAP ax (2 or 3) or a RB5009 ( the beter option).
I have a CRS305 for connecting my unRaid server at 10G and I run it in swOS mode, the rest of the devices, including a ax AP is connected to RB5009. I use to have a RB4011 that also was good for my 1gig internet.
If you have dual-stack IPv4 and IPv6, only the RB5009 can give you full link speed, the hAP ax3 maybe able to as well.
I used the HAPac2, HAPac3 and also the HEXs and I was able to reach full line speed for normal sized packets like copying files. But that was ROS6 and I have taken care to use fast track, having an efficient ruleset and using the switching chip (not doing software bridging in parallel). For ROS7 I only have experience with an RB5009, which is currently handling my 1G uplink flawlessly, even with queuing, VPN, lots of VLANs and big firewall ruleset. There is no fast track at all.
To have enough reserves for all ROS7 features, RB5009 is recommended, I think the HAP ax2/3 are also solid choices, but none of them are avilable right now.
For IPv6 I would use HEXs (or sthg else from a cheap vendor) with OpenWRT installed…
The CRS309 would do a it a lot better as it can offload L3 connections to the switch chip, something the CRS305 can not. Others have given you an idea of the throughput you can expect from the CRS305. That is not worth your efforts.
@mada3k: regarding trust, what is the conceptual difference between fasttrack and L3HW? I guess you trust fasttrack or am I mistaken? Fasttrack also skips lots of CPU processing. Yes, fasttrack is with us already for ages while L3HW is new, so chances for lurking bugs are higher with L3HW … but those are (hopefully) going to be squashed, and one is purchasing new hardware only so often.
L3HW (which is not exactly the same as “pure L3 routing”) is a scheme where software decides which particular connection to offload to HW routing. So there’s still software “driving” the offload process. One can hope that granularity of offloading is good enough so that chance of leaking packets is low enough.
But conceptually: also for fasttrack a piece of software decides which particular connection to fasttrack … and fasttracked connection is after that also pretty much off limits to usual firewall rules. And from conceptual point of view it doesn’t matter which part of router deals with packets (either some shortcut in software or switch chip) …
I would say that it is actually quite different from L3 routing. L3HW traffic is offloaded only for the same conditions as fasttrack (i.e. source IP/port and dest MAC/IP/port and matching MAC addresses). Each connection is individually offloaded to the switch.So it is offloaded to the chip like L3 routing but unlike it, it is not pure routing but conditional forwarding of individual established connections that would otherwise be fast tracked by software including the possibility to do NAT.
@Ilag, you’re right by saying that technically L3HW offloading of tracked connections is not the same as L3 routing … and not all L3HW-supported devices are actually capable of doing it. But I was discussing conceptual difference between fasttracking (individual connections!) and L3HW offloading (individual connections … on devices which actually support that). And the point of me discussing it is post #6 by @mada3k where he problimatized L3HW offloading as part of firewall operations … with which I obviously don’t agree:
I recommend to keep the internet gateway and the internal switching separated.
RB2011 (600MHz) can do about 800mbps IPv4 NAT with default firewall rules and Fasttrack… but at full CPU.
CRS305 (800Mhz) are similar… but adding firewall rules disables Fast Path.
Fasttrack and Fast Path: http://forum.mikrotik.com/t/fastpath-fasttrack-l2hw-l3hw-clarification/155333/1